Setting up server with encrypted LVM without KVM

or: how i moved my data from home

1.Introduction

Over the years, I stored all my data on home server. At some point I just got tired of maintaining all this hardware and I decided to move critical data to data center. I wanted to have a fully encrypted disk, so the search for cheap dedicated server begins..

2.Choosing hosting provider

And after some searching, I settled on the hosting provider called Kimsufi. For this money you get desktop hardware without IP-KVM and without option to install system on encrypted partition via web console. But this administration console provides the ability to boot from the debian rescue disk..

3.Installing Linux

The installation process is to boot into the rescue disk, manually partition the disk, setup encrypted LVM, and then install a debian-based system with debootstrap.

3.1. Disk

Once connected you need to create two primary partitions: a small one for /boot at the beginning (~200MB) and a second one with the remaining space.

Main partition on my system is “/dev/sda5”. Setup the LUKS header with:

I want to pay attention to the parameter GRUB_RECORDFAIL_TIMEOUT.By default, after failed boot server stays in the GRUB’s selection menu waiting for any entity. On headless server this behavior is not acceptable.